ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

Security issue with ILO4

SOLVED
Go to solution
Mauro1967
Occasional Contributor

Security issue with ILO4

Hi!

My University is scanning all the campus servers with Nessus Vulnerability Scanner and they are complaining that my ILO4 (firmware 1.10 July 17 2012) on ProLiant ML350p Gen8 HP server has a "medium" risk level of vulnerability, so they are asking to solve this issue as soon as possible, to avoid potential attacks.

I enclose the "medium" risk entries of the report: all the problems are connected with the 443/tcp port, it seems I should update the version of SSL protocol to improve cipher, encription and certificate...

Actually I do not know what to do in practice, but I am also very cautious since ILO is very useful to monitor the system and I don't want to lose functionalities.

Is anybody able to help me safely in this respect?

Thank you very much in advance!

Mauro

 

4 REPLIES
Jimmy Vance
HPE Pro

Re: Security issue with ILO4

Update to the latest iLO4 firmware and have them scan it again.  You are running a very very old version of iLO firmware. Many securty fixes/enhancments have been added.

http://h20565.www2.hpe.com/hpsc/swd/public/readIndex?sp4ts.oid=1009143853&lang=en&cc=us  Select your OS and then exapnd the firmware tab

You can review the revision history to see the changes that have been made

 




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Mauro1967
Occasional Contributor

Re: Security issue with ILO4

Dear Jimmy, thank you indeed for the quick suggestion, I will do the update.

However my Operative System is:

CentOS release 6.2 (Final)

which is not present in the list of the web page you suggested me.

Which one should I use? Actually I thought that ILO is

independent with respect to the OS, is it really important

to match the OS?

thank you again

Mauro

Jimmy Vance
HPE Pro

Re: Security issue with ILO4

If your not going to update via the host OS, it is not important to match the OS. You do need to download the firmware file in a verision your client can deal with to extract the binary firmware image. You can then update the image via the web interface.   For CentOS the Red Hat file should work without issue

 

 




__________________________________________________
No support by private messages. Please ask the forum!      I work for HPE

If you feel this was helpful please click the KUDOS! thumb below!   
Mauro1967
Occasional Contributor
Solution

Re: Security issue with ILO4

Dear Jimmy,

ok, I will update to the latest iLO4 firmware first,

then I will check if the security issues will disappear (hopefully)!

Thank you again!

Mauro